JS_IFRAME.US - Description and solution

TrendLabs Malware Blog

Glossary

TrendWatch

TrendLabs Twitter

JS_IFRAME.US

Overview

Solution

Technical Details

Malware type: JavaScript

Aliases: Trojan-Clicker.HTML.IFrame.ml (Kaspersky), Mal/Iframe-F (Sophos),

In the wild: Yes

Destructive: No

Language: English

Platform: Windows 98, ME, NT, 2000, XP, Server 2003

Encrypted: No

Overall risk rating:

Reported infections:
Damage potential:		Medium
Distribution potential:		Low

Description:

Trend Micro threat researchers post findings and analyses on various threats in real-time at the Malware Blog. Users can find more information about this specific threat here.

To get a one-glance comprehensive view of the behavior of this malware, refer to the Behavior Diagram shown below.

JS_IFRAME.US Behavior Diagram

Malware Overview

This is the Trend Micro detection for Web pages that were compromised through the insertion of a certain iFrame tag.

This malicious JavaScript is usually embedded in exploited/compromised Web sites through insertions of malicious iFrames. It may be installed unknowingly by a user when visiting malicious/compromised Web sites.

The said iFrame tag is used to download the file 1.HTM from the URL http://www.{BLOCKED}ena.com.

The downloaded file is detected by Trend Micro as JS_DLOADER.TVP. As a result, the routines of the downloaded file may be exhibited on the system.

For additional information about this threat, see:
Solution
Technical Details

Description created: Apr. 3, 2008 5:48:58 AM GMT -0800

Search a new malware

Tell us how we did. Take our quick survey.